TalkTalk has said nearly 157,000 of its customers’ personal details were cyber hacked on it’s website.
More than 15,600 bank account numbers and sort codes were stolen, the company said.
This week police released a 16-year-old boy on bail who was the fourth person arrested in connection with the hack.
Since news of the cyber-attack emerged, TalkTalk shares have lost about a third of their value.
The firm said 4% of TalkTalk customers have sensitive data at risk. It confirmed that scale of the attack was “much more limited than initially suspected”.
TalkTalk said:
- 156,959 customers had personal details accessed
- Of those customers, 15,656 bank account numbers and sort codes were stolen
- 28,000 stolen credit and debit card numbers were “obscured” and “cannot be used for financial transactions”.
Customers whose financial details were stolen have been contacted, and the firm will contact other affected customers “within the coming days”.
The cyber attack on TalkTalk’s website happened on 21 October, it added.
Details that TalkTalk previously said had been stolen included names, addresses, dates of birth, telephone numbers and email addresses.
In October, the firm described the attack as “significant and sustained”, but that it was too early to say which data had been stolen.
It initially said that all of its customers may have been affected, but then restated in its estimate.
Four people have been arrested over the hack so far: a boy of 15 in Northern Ireland, a 16-year-old boy from west London, a 20-year-old Staffordshire man, and a 16-year-old boy in Norwich. All four have been released on bail.